On 30.7.2015 at 17:28, Orion Poplawski wrote:
On 07/28/2015 11:09 PM, Jan Cholasta wrote:
On 20.7.2015 at 19:52, Orion Poplawski wrote:
On 07/20/2015 12:57 AM, Jan Cholasta wrote:
On 15.7.2015 at 20:57, Orion Poplawski wrote:
On 07/14/2015 11:53 PM, Jan Cholasta wrote:

       # ipa-replica-prepare -v ipa1.nwra.com --dirsrv_pkcs12=nwra.com.p12 --dirsrv_pin=XXXXXX --http_pkcs12=nwra.com.p12 --http_pin=XXXXXX

Directory Manager (existing master) password:

(SEC_ERROR_LIBRARY_FAILURE) security library failure.

I was able to debug this in gdb and tracked it down to a low entropy
condition.  Details noted in https://fedorahosted.org/freeipa/ticket/5117.
Looks like prng_instantiate is being called 2-3 times and there just isn't
enough entropy:

Breakpoint 1, prng_instantiate (rng=0x7fffe5f9d3a0 <theGlobalRng>,
     bytes=bytes@entry=0x7fffffffc220 "\304(\336\350F8\375㨟\177\325\017+\302
len=110) at drbg.c:160
160         if (len < PRNG_SEEDLEN) {
1: len = 110
(gdb) c

Breakpoint 1, prng_instantiate (rng=rng@entry=0x7fffe5f9f620 <testContext>,
len=len@entry=32) at drbg.c:160
160         if (len < PRNG_SEEDLEN) {
1: len = 32

PRNG_SEEDLEN is 55 I think.

I wouldn't have thought that this might be the cause.

Thank you for the investigation!

Jan Cholasta
